Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105969 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1042153 | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List Third Party Advisory |
https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch Third Party Advisory |
http://www.securityfocus.com/bid/105969 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1042153 | Third Party Advisory VDB Entry |
https://seclists.org/fulldisclosure/2018/Nov/49 | Mailing List Third Party Advisory |
https://www.vmware.com/security/advisories/VMSA-2018-0029.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/105969 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1042153 - Third Party Advisory, VDB Entry | |
References | () https://seclists.org/fulldisclosure/2018/Nov/49 - Mailing List, Third Party Advisory | |
References | () https://www.vmware.com/security/advisories/VMSA-2018-0029.html - Patch, Third Party Advisory |
Information
Published : 2018-11-26 20:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-11067
Mitre link : CVE-2018-11067
CVE.ORG link : CVE-2018-11067
JSON object : View
Products Affected
dell
- emc_integrated_data_protection_appliance
- emc_avamar
vmware
- vsphere_data_protection
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')